Unofficial news and tips about Google

May 19, 2006

How To Break Web Software

Mike Andrews, a software security expert, was invited to the Googleplex to talk about web application security. The video [1 hr 26 min 38 sec] is part of Google Techtalks.

He talks about common security bugs: spoofing, tampering, repudiation, information disclosure, denial of service, escalation of privilege (STRIDE). He also shows how he bought -3 books from an online application and got money credited to his credit card instead of paying. Another interesting subject is how to protect against session ID guessing or stealing, and against page defacement.